For the sake of discussion, let us assume the following server:

Netware 6.5 SP8
IP Address = 10.5.2.10

The server is in a DMZ behind a firewall. The firewall is static NATting 10.5.2.10 to 123.123.123.123. The firewall is allowing ports 21 and 50001-50050 into the server.

Here are the FTPSERV.CFG settings for the server:

HOST_IP_ADDR = 10.5.2.10
FORCE_PASSIVE_ADDR = 123.123.123.123
FTP_PORT = 21
MAX_FTP_SESSIONS = 50
IDLE_SESSION_TIMEOUT = 600
SECURE_CONNECTIONS_ONLY = No
DEFAULT_NAMESPACE = LONG
DATA_BUFF_SIZE = 64
KEEPALIVE_TIME = 10
WELCOME_BANNER = sys:/etc/welcome.txt
MESSAGE_FILE = message.txt
PASSIVE_PORT_MIN = 50001
PASSIVE_PORT_MAX = 50050
PSEUDO_SERVER_FLAG = 1
PSEUDO_FILE_PERMISSIONS = 644
PSEUDO_DIR_PERMISSIONS = 755
DEFAULT_USER_HOME_SERVER = Fred
DEFAULT_USER_HOME = Vol1:\BBS\REP\TEST
IGNORE_REMOTE_HOME = No
IGNORE_HOME_DIR = No
DEFAULT_FTP_CONTEXT =
SEARCH_LIST = .External.Tupelo.CORP
RESTRICT_FILE = sys:/etc/ftprest.txt
ANONYMOUS_ACCESS = No
ANONYMOUS_HOME = sys:/public
ANONYMOUS_PASSWORD_REQUIRED = No
INTRUDER_HOST_ATTEMPTS = 20
HOST_RESET_TIME = 5
INTRUDER_USER_ATTEMPTS = 5
USER_RESET_TIME = 10
FTP_LOG_DIR = sys:/etc/ftp/logs
MAX_LOG_SIZE = 1024
FTP_LOG_LEVEL = 7
FTPD_LOG = ftpd
AUDIT_LOG = ftpaudit
INTRUDER_LOG = ftpintr
STAT_LOG = ftpstat
DISABLE_SITE_CMDS = NO
DISABLE_PATH_DIR_LISTING = NO
TRANSMITFILE_SUPPORT = No
UNLOAD_THIS_INSTANCE = No
CLEAR_EXISTING_INTRUDERS = No

As far as I can tell, I am following the rules described in TID# 3931251. So, why can I not do passive FTP into this server from out on the Internet?????

Active works, passive does not.